** [http://pgp.cs.uu.nl/plot/ analysis of the strong set in the PGP web of trust]

+

** [http://www.lysator.liu.se/~jc/wotsap/index.html wotsap (Web of trust statistics and pathfinder)] - take a look at the [http://www.lysator.liu.se/~jc/wotsap/search.html search page] for a bunch of interesting things you can do. [http://webware.lysator.liu.se/jc/wotsap/wots/latest/groupmatrix/110810E9,0x154FDAF0,0x57E02D57,0xD72AD0EF,0x1999A427,0x85DACC63,B2420431,0x62A2258E,0x0E572FDD,024BB3D1,3A7676E7,0x210BDF5A,0x9342BF08,0x1F85118D,0x07D2F8B4,0x89CCAE8B,0x34E36341,0x390EBBB9,AA482E46,0x92F0FC09,E65E4F3D,0xFA6C4994,D1F5C478,DAD3DF0E,0x8B3D4806,9B649644,5B7CBD2B,94BC377E,1285BE7C,0x750152F1,CD84EE48,DF044293,188C6D38,2486CFD6,D39BE61C,C40F2998,C8391120,0xEBD267AB,0x6EF4DA92,0xB4D3D7B0,0x835D13A0.txt Here] is a matrix of all the key signings from FUDCon. (Note: It sometimes takes quite a while for new data to show up in the wotsap.)

+

+

== Original Page ==

+

{{admon/warning|The signup deadline has passed|If you still want to participate, bring about 60 slips with your key's fingerprint printed or '''neatly''' written on it.}}

There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]] held at 1600 (4pm), immediately preceding this event.

There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a [[FUDCon:Blacksburg_2012_CAcert_Assurance_Event|CAcert Assurance event]] held at 1600 (4pm), immediately preceding this event.

Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.

Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.

−

We will be conducting the event as follows:

+

== Notice of change ==

−

The participants will send their key information to the coordinator who would compile it into a list (compiled from this wiki page). Each participant, upon arriving at the party, will be given a copy of the key list. Each participant will then be called on by the coordinator. The participant will then check their key fingerprint against the fingerprint on the sheet that the coordinator gave them. If the participant is sure that their key is the same as the key on the sheet then the participant will read their fingerprint aloud so that the other party participants can make sure they also have the correct matching fingerprint. If they do in fact have the correct matching fingerprint, they will check it off on their sheet. This is necessary to make sure that the coordinator has not made a mistake in the generation of the sheet or has not slipped a sheet with faked key information to one or more of the participants. After everyone has checked off the participant's key, the coordinator will then call on the next participant, and so on. After all of the keys have been verified, the participants and coordinator will be asked to form a long single file line while holding their IDs in front of them. The person at the head of the line walks down the line and checks each person's ID. If their ID is correct, they will place a second check mark on their list. Once a key has two check marks it can be signed.

+

Nick and I are working through the last minute logistics that goes along with the event. We hadn't planned on this event event being so popular! With this in mind we have decided to change the way we are doing the key verifications. Originally we were planning on each person, individually, standing up and reading their key aloud while everyone else verified the paper copy provided for the event. This procedure is used most often and is the most secure. The problem is we now have <strike>forty-four</strike> forty-nine keys to be signed! That's going to take a while!

+

+

For larger parties the recommended procedure is the "hash-based method". The keys will still be provided to everyone on paper. The file will be digitally signed (and electronic versions of the document will be made available). At the event everyone verifies that *their* key is listed correctly on the paper and then the host will read the hash to everyone so that everyone can verify that their copy is correct and has not been modified. Once this happens and everyone is satisfied that they have the correct list of keys then we check everyone's identification.

+

+

If anyone has any concern about this procedure please let us know *now* so we can address this.

# NO computer (or at least leave it in your bag or something, you don't need to actually sign the keys right then)
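Review bot: The "Notice of change" text promises that "The file will be digitally signed" and that "the host will read the hash to everyone", but it never names the hash algorithm, the file, or whose key signs it, so attendees cannot compute the value on their own copy beforehand or know which signature to check. State those three things next to that sentence. Smaller points in the same region: "this event event being so popular" repeats a word, and *their* / *now* use asterisks where this page's own emphasis markup is the quote style seen in '''neatly'''.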

+

+

=== Why shouldn't I bring a computer?===

+

There are a variety of reasons, why you don't want to do this. The short answer is it would be insecure, unsafe, and of no benefit. For those not convinced, here are some reasons why it is insecure, unsafe, and of no benefit.

+

* If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.

+

* Someone might spill $beverage on it.

+

* Someone might drop it or knock it off the table.

+

* Etc

+

+

== Keysigning Procedure ==

+

# Generate a key/Remember your pass phrase

+

# All attendees send their public keys to a public keyserver. For this party, we'll use keys.bz or keys.christensenplace.us. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.

+

# All attendees posts their fingerprint to this wiki page (see below). The event coordinator will compile everyone's key information.

+

# The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.

+

# Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.

+

# At the meeting the host will distribute the key forms and a hash of that form (also available from this wiki page). The host will read the hash key out so that everyone can verify they have the same file. Everyone will verify that their fingerprint is correct on the form. Once everyone has verified these two pieces of information we will start with the identifications.

+

# After everyone has read his key ID information, have all attendees form a line.

+

# The first person walks down the line having every person check his ID.

+

# The second person follows immediately behind the first person and so on.

+

# If you are satisfied that the person is who they say they are, and that the key on the printout is theirs, you place another check-mark next to their key on your printout.

+

# Once the first person cycles back around to the front of the line he has checked all the other IDs and his ID has been checked by all others.

+

# After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.

+

# After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.

+

# Send the signed keys back to the keyservers.

+

# Use those keys as often as possible.
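Review bot: The step "After everyone has read his key ID information, have all attendees form a line" still describes the read-aloud procedure that the Notice of change replaces with one hash read by the host, so the list contradicts the notice at that point. Reword it to follow from the hash step just above it, for example "After everyone has verified the hash and their own fingerprint". In the same list, "All attendees posts" should be "post", "read the hash key out" should drop "key", and "Instruct the attendees at the beginning ..." is addressed to the host although it sits inside the attendee step "Attend the party".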

−

We are not providing specific guidelines on what IDs are acceptable, or how many are required, however, it is generally expected that each participant will be able to provide some sort of government issued photo identification, such as driver's license, passport, etc., matching the name on their key.

+

=== Acceptable Identification ===

+

We are not providing specific guidelines on what IDs are acceptable, or how many are required, however, it is generally expected that each participant will be able to provide some sort of government issued photo identification, such as driver's license, passport, etc., matching the name on their key. It is up to the other participants whether or not they will accept your identification.

The signup deadline has passed. If you still want to participate, bring about 60 slips with your key's fingerprint printed or neatly written on it.

There will be a GPG Key Signing Event held at FUDCon Blacksburg 2012 on Saturday, January 14th, at 1700 (5pm). There will also be a CAcert Assurance event held at 1600 (4pm), immediately preceding this event.

Please sign up below and make sure your key is available on the public keyserver network or make a note here with the url if it is not.

Nick and I are working through the last-minute logistics that go along with the event. We hadn't planned on this event being so popular! With this in mind we have decided to change the way we are doing the key verifications. Originally we were planning on each person, individually, standing up and reading their key aloud while everyone else verified the paper copy provided for the event. This procedure is used most often and is the most secure. The problem is we now have <strike>forty-four</strike> forty-nine keys to be signed! That's going to take a while!

For larger parties the recommended procedure is the "hash-based method". The keys will still be provided to everyone on paper. The file will be digitally signed (and electronic versions of the document will be made available). At the event everyone verifies that *their* key is listed correctly on the paper and then the host will read the hash to everyone so that everyone can verify that their copy is correct and has not been modified. Once this happens and everyone is satisfied that they have the correct list of keys then we check everyone's identification.

If anyone has any concern about this procedure please let us know *now* so we can address this.

There are a variety of reasons why you don't want to bring a computer. The short answer is it would be insecure, unsafe, and of no benefit. For those not convinced, here are some reasons why it is insecure, unsafe, and of no benefit.

If people are carrying their secret keys with them and intend to do the signing at the actual meeting by typing their passphrase into a computer, then they are open to key-logging attacks, shoulder-surfing, etc.

All attendees send their public keys to a public keyserver. For this party, we'll use keys.bz or keys.christensenplace.us. If for some reason you don't want your key to be in a public keyserver, but still want to participate, please let me know.

All attendees post their fingerprint to this wiki page (see below). The event coordinator will compile everyone's key information.

The host prints a list with everyone's fingerprint from the compiled keyrings and distributes copies of the printout at the meeting.

Attend the party. Bring along a paper copy of your fingerprint that you obtained from your own keyring. You must also bring along a suitable photo ID. Instruct the attendees at the beginning that they are to make two marks on the listing, one for correct key information and one if the ID check is ok.

At the meeting the host will distribute the key forms and a hash of that form (also available from this wiki page). The host will read the hash out so that everyone can verify they have the same file. Everyone will verify that their fingerprint is correct on the form. Once everyone has verified these two pieces of information we will start with the identifications.

After everyone has read his key ID information, have all attendees form a line.

The first person walks down the line having every person check his ID.

The second person follows immediately behind the first person and so on.

If you are satisfied that the person is who they say they are, and that the key on the printout is theirs, you place another check-mark next to their key on your printout.

Once the first person cycles back around to the front of the line he has checked all the other IDs and his ID has been checked by all others.

After everybody has identified himself or herself the formal part of the meeting is over. You are free to leave or to stay and discuss matters of PGP and privacy (or anything else) with fellow PGP users. If everyone is punctual the formal part of the evening should take less than an hour.

After confirming that the key information on the key server matches the printout that you have checked, sign the appropriate keys. Keys can only be signed if they have two check-marks.
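
The two checks each attendee makes under the hash-based method (the file matches the hash the host reads out, and your own fingerprint is listed correctly), as an added example that is not part of the original page. It assumes SHA-256, since the page does not name the hash, and a plain-text list with one entry per line; the function names and sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed: SHA-256 as the hash and
# a plain-text list with one "Name fingerprint" entry per line.

# Drop whitespace and lowercase, so a hash read aloud in groups
# ("9F2C 41AA ...") compares equal to sha256sum output.
normalize() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr '[:upper:]' '[:lower:]'
}

# check_keylist FILE ANNOUNCED_HASH MY_FINGERPRINT
#   0  file matches the announced hash and lists your fingerprint
#   1  file differs from what the host hashed (modified or wrong copy)
#   2  hash matches but your fingerprint is missing or mistyped in the list
check_keylist() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$(normalize "$2")" ] || return 1
    mine=$(normalize "$3")
    [ -n "$mine" ] || return 2
    while IFS= read -r line; do
        case "$(normalize "$line")" in
            *"$mine"*) return 0 ;;
        esac
    done < "$1"
    return 2
}

# Constructed sample list (names and fingerprints are made up).
write_sample_list() {
    cat > "$1" <<'EOF'
Alice Example  0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
Bob Example    FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98
EOF
}

demo() {
    list=$(mktemp)
    write_sample_list "$list"
    announced=$(sha256sum "$list" | cut -d' ' -f1)
    check_keylist "$list" "$announced" \
        "0123456789ABCDEF0123456789ABCDEF01234567" && echo "list OK"
    rm -f "$list"
}
demo
```
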

We are not providing specific guidelines on what IDs are acceptable, or how many are required; however, it is generally expected that each participant will be able to provide some sort of government-issued photo identification, such as a driver's license, passport, etc., matching the name on their key. It is up to the other participants whether or not they will accept your identification.
